Rspamd

Fast, free and open-source spam filtering system

Introduction

I've been looking for a suitable replacement for DSPAM, a project that was good but died, became unmaintained and was then totally removed from Zimbra. In recent searches I came across Rspamd, which does all that DSPAM did and more, and it can completely replace spamassassin: it's lighter, more configurable and more performant than spamassassin. These notes are a brief explanation of how to easily integrate rspamd into a ZCS server and disable spamassassin completely.

You should make these changes on a test server and back up any ZCS & rspamd configuration files that you are going to modify before you modify them. When you're happy that it works you can try it on a live server but again, make sure you back up any modified configuration files.

These are notes for installing rspamd on ZCS 8.7.x (my current version is 8.7.11). I use CentOS and these instructions are for that distribution and the equivalent version of RHEL, although installing rspamd on Ubuntu should not be that different.

NB: Rmilter, from the Rspamd project and documented on their web site, is deprecated and won't be available as a separate package in future; do not use it.

[EDIT] As of today (2017-09-06) I have updated my server to the latest ZCS 8.8.3GA release and these instructions work and are valid for that version as well.

I've been running various versions of Rspamd for the last eight months and have not had any ill effects. Although I only run this on my home server, there has been a huge reduction in CPU usage from 15-20% to less than 5% for the same levels of inbound/outbound email. I have also removed all DNS & Protocol checks from within the ZCS configuration and the Postscreen settings have been set to their default values – this leads to rspamd processing all inbound email and also further CPU usage reductions.

The current rspamd install now uses an inbuilt milter-compatible process to receive the mail that's sent to it. The anti-spam and other components of rspamd process the mail through its various modules and pass it back to Postfix via the milter process. Do note that this configuration still uses the ZCS inbuilt amavisd & clamav for anti-virus processing.

The multiple-milter function in Postfix is broken by ZCS and only allows one milter to be functional (bugzilla report 97706). Although that bug seems to require a trivial fix, it's unfortunately still languishing without any attention for the past two-plus years. Please add your comments and vote if you feel it should be implemented.

Configuring Rspamd on the Zimbra Server

You will need to enable the rspamd & epel repositories, further details on the rspamd wiki:

Install Rspamd on Red Hat Enterprise Linux

yum install rspamd redis

Once you confirm rspamd is running correctly you can activate redis.

Modify the ZCS and rspamd config files as shown below

Make a copy of the ZCS /opt/zimbra/common/conf/main.cf & /opt/zimbra/conf/zmconfigd.cf files (just in case).

We need to set the zimbraMtaSmtpdMilters parameter in LDAP (this change will survive upgrades):

The antispam service should not now be shown in the list of enabled services.

The LDAP entry for smtpd_milters that we modified earlier survives an upgrade, but the following one using postconf does not survive an upgrade, nor do the changes to the zmconfigd.cf file (from item 3 above), and they need to be set again after every upgrade. The postconf setting is this:

$ postconf smtpd_milters=inet:localhost:11332

You can check the current status of the smtpd_milters entry with:

$ postconf | grep smtpd_milters
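
A post-upgrade check for the setting above, as an added example that is not part of the original notes: it reads smtpd_milters and reports whether it still points only at the rspamd socket used on this page. The function names and the --check argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original notes: verify after a ZCS upgrade
# that Postfix still passes mail to the rspamd milter.
# The socket is the value set with postconf on this page; change it if yours differs.
EXPECTED_MILTER="inet:localhost:11332"

# classify_milters VALUE  (hypothetical helper)
# Prints one of: ok | unset | wrong | multiple
classify_milters() {
    # Postfix list values are separated by commas and/or whitespace.
    value=$(printf '%s' "$1" | tr ',' ' ')
    set -f              # no filename expansion while word-splitting
    set -- $value
    set +f
    if [ $# -eq 0 ]; then
        echo unset      # no milter configured: mail is not passed to rspamd
    elif [ $# -gt 1 ]; then
        echo multiple   # ZCS only supports one functional milter
    elif [ "$1" = "$EXPECTED_MILTER" ]; then
        echo ok
    else
        echo wrong      # a milter is set, but it is not the rspamd socket
    fi
}

# check_milter  (hypothetical helper): query Postfix and report the result.
check_milter() {
    current=$(postconf -h smtpd_milters) || return 2
    state=$(classify_milters "$current")
    if [ "$state" = ok ]; then
        echo "smtpd_milters OK: $current"
    else
        echo "smtpd_milters is '$current' ($state), expected $EXPECTED_MILTER" >&2
        return 1
    fi
}

# Run the live check only when asked, e.g. from cron as the zimbra user.
if [ "${1:-}" = "--check" ]; then
    check_milter
    exit $?
fi
```

Run it with --check as the zimbra user after each upgrade; a non-zero exit status means smtpd_milters no longer matches the rspamd socket.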

These are the basic changes you need to get rspamd working and the only rspamd config files you should need to create and modify are the ones below (these are not set by default):

NB: because of the high number of RBL (and other) DNS lookups, it's advisable to have a caching nameserver on your LAN (either the ZCS dnscache or your own DNS server, I use PowerDNS). If you don't do this you may get your server IP blacklisted with the RBL sites.

To summarise, you should now have a working rspamd daemon running with your ZCS server and mail passing between them both for processing. The only modifications you should need to make after each upgrade are the ones to the zmconfigd.cf file and the postconf command for setting the smtpd_milters socket.

Do not modify any of the config files in the /etc/rspamd directory; please read the Rspamd documentation on the web site for details on which files to modify and how to add config override files to make further modifications to the rspamd config.

What I haven't mentioned is the current feature set in Rspamd and the fact that some of its other modules could also replace their ZCS equivalents, for more details take a look at the Rspamd web site features page:

Spam Training

Users will still be able to use the Junk & Not Junk button in the Web UI to train the antispam system; the messages in the Junk folder will be passed to rspamd by a slightly modified zmtrainsa script. I suggest that the modified zmtrainsa script is added as a new cron job for training ZCS, otherwise you will have to replace the original ZCS supplied script after every update.

The zmtrainsa script has been modified to remove (some of) the DSPAM & SA training. I've added a section for training the rspamd system from the same spam/ham accounts in ZCS so users continue using the 'Spam' & 'Not Spam' function in the ZCS Web UI.

You can take a look at the processing of this script by installing the following modified zmtrainsa files (make a copy of your original file first) and running the following command:

sh -x /opt/zimbra/bin/zmtrainsa_test2 &>>/opt/zimbra/log/zmtrainsa_test.log

Check the output to see if it's working correctly.

Feedback

Feedback on your experience with rspamd, tweaks, configuration of rspamd itself and any questions/problems are always welcome in the forum thread on this topic.

If you think this is a worthwhile change for Zimbra then feel free to add your comments and votes to the RFE I've filed for removing spamassassin and adding this as a replacement in ZCS: bugzilla id 108168